On average, over 8,000 new vulnerabilities are discovered in common software and hardware platforms every year. That's over 20 every single day!

Most companies don't have time to keep on top of this – IT managers have a million other things to do and even well-resourced security teams would struggle to strike a balance between tracking remediation activity; providing management reports; responding to incidents, providing advice to the business and monitoring nascent cyber threats. That’s exactly why Intruder runs Emerging Threat Scans – so you don’t have to.

How do they work?

As soon as we identify a new vulnerability that could critically affect your systems, we'll automatically kick-off a scan on all your external targets (license permitting). Please note, you cannot initiate them manually.


Assuming you haven’t disabled notifications, once the scan completes we’ll update you via email, Slack/Microsoft Teams and in the Intruder portal – whether it’s reassuring or cautionary, you’ll always know exactly what to do.

Email notification - passed

Slack notification - passed

Intruder portal notification - pass and fail

If the Emerging Threat Scan notification has a red lightning bolt icon that means that at least one of your targets "failed" one or more of the checks. You can click on the notification to see details of what we scanned you for, which targets were affected and recommended remediation advice.

If the lightning bolt is green, it means your targets passed all checks of the Emerging Threat Scan. Again, you can click on the notification for more information on the checks that were run.

Why don't the failed checks show on my Issues page?

To provide a fast response time, Emerging Threat Scans are handled differently from our regular scans.

How do I get more information on a failed ETS?

All of the ETS are listed on the scans page > Emerging Threats.

If you'd like more information than is shown in the pop-up above, just re-scan the target and if the issue is still present, it'll appear on your issues page along with all the other details you'd expect to see.

Do Emerging Threat Scans consume licenses?

Yes, they do. An Emerging Threat Scan will run on as many targets as you have licenses; so you have five unscanned targets and five licenses available, then all of those licenses will be assigned and consumed as soon as the ETS runs. Also, if any of your targets are already consuming licenses, then the 30 day license period will be reset in line with the ETS start date/time.

Can I disable them?

Yes, of course. To do that, head to your scans page, hit the cog icon and toggle Emerging Threat Scans to off.

Note: Emerging Threat Scan features are only available for customers on our Pro and Vanguard plans.

Did this answer your question?